WO2017062039A1 - Biographical badges - Google Patents

Biographical badges Download PDF

Info

Publication number
WO2017062039A1
WO2017062039A1 PCT/US2015/055003 US2015055003W WO2017062039A1 WO 2017062039 A1 WO2017062039 A1 WO 2017062039A1 US 2015055003 W US2015055003 W US 2015055003W WO 2017062039 A1 WO2017062039 A1 WO 2017062039A1
Authority
WO
WIPO (PCT)
Prior art keywords
source entity
biographical
badges
security information
buyer
Prior art date
Application number
PCT/US2015/055003
Other languages
French (fr)
Inventor
Joshua Hailpern
Tomas Sander
Original Assignee
Hewlett Packard Enterprise Development Lp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Enterprise Development Lp filed Critical Hewlett Packard Enterprise Development Lp
Priority to PCT/US2015/055003 priority Critical patent/WO2017062039A1/en
Publication of WO2017062039A1 publication Critical patent/WO2017062039A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions

Definitions

  • Security information sharing platform Users of a security information sharing platform share security information (e.g., security indicators, observables, threat actors, malware samples, chains of attack, attack campaigns, etc.) with other users in an effort to advise the other users of any security threats, or to gain information related to security threats from other users.
  • security information e.g., security indicators, observables, threat actors, malware samples, chains of attack, attack campaigns, etc.
  • Figure 1 is a block diagram depicting an example environment in which various examples may be implemented as a biographical badges system.
  • Figure 2 is a block diagram depicting an example machine-readable storage medium comprising instructions executable by a processor for biographical badges in a security information sharing platform.
  • Figure 3 is a flow diagram depicting an example method for biographical badges in a security information sharing platform.
  • Source entities of a security information sharing platform share security information (e.g., security indicators, observables, threat actors, malware samples, chains of attack, attack campaigns, etc.) with other users (e.g., buyers) of the security information sharing platform in an effort to advise the other users of any security threats and/or to gain information related to security threats from other users.
  • security information e.g., security indicators, observables, threat actors, malware samples, chains of attack, attack campaigns, etc.
  • the other users with whom the security information is shared typically belong to a community that is selected by the source entity for sharing, or to the same community as the source entity.
  • the other users of such communities may further share the security information with further users and/or communities.
  • a "source entity", as used herein, may include an individual, organization, or any entity that may send, receive, and/or share security information.
  • a community may include a plurality of source entities and/or other users.
  • a community may include a plurality of individuals in a particular area of interest.
  • a community may include a global community where any user may join, for example, via subscription.
  • a community may also be a vertical-based community.
  • a vertical- based community may be a healthcare or a financial community.
  • a community may also be a private community with a limited number of selected users.
  • Security information may be created by and/or originated from at least one of a plurality of source entities.
  • the plurality of source entities may include a user (e.g., analysts and/or community members of the security information sharing platform).
  • Security information may be manually created and/or added to the security information sharing platform by the source entity.
  • the security information sharing platform may become a rich source of threat intelligence information itself.
  • it may be important to define appropriate associations and/or relationships of the security information to the source entity to ensure the source entity does not reveal their identities, and/or to allow a buyer of the security information to determine whether the security information is trustworthy and/or relevant.
  • a buyer may refer to an individual, organization, or any entity that may receive (e.g., purchase) security information from the security information sharing platform.
  • Biographical badges in accordance with the present disclosure, may describe the source entity in abstract terms, allowing buyers of security information to determine relevance of the security information while ensuring the anonymity of the source entity.
  • Biographical badges in accordance with the present disclosure, may allow for sharing of security information across a security information sharing platform, while maintaining the confidentiality of the source entity of the security information, as well as the confidentiality of the buyer of the source information by associating biographical badges to the listing of security information.
  • Biographical badges may describe the source entity in abstract terms without disclosing the identity of the source entity. Maintaining privacy of the source entities may incentivize source entities to share higher quality security information across the security information sharing platform, as they may receive monetary gain from such sharing.
  • specialized source entities may be formed with a business model aimed at selling information on the security information sharing platform, promoting business growth.
  • Examples disclosed herein provide a technique to associate biographical badges with a source entity in the security information sharing platform. This may allow, for example, a buyer to intelligently determine whether security information that is available in the security information sharing platform is relevant to the buyer's organization, as well as whether the security information and/or the source entity is trustworthy. As a result, the security information sharing platform may provide a way of sharing security information while maintaining privacy and obfuscation for the source entity as well as for the buyer.
  • FIG. 1 is an example environment 100 in which various examples may be implemented as a biographical badge system 1 10.
  • Biographical badge system 1 10 may include a server computing device 130 in communication with client computing devices 140A, 140B...140N (collectively referred to herein as client computing devices 140) via a network 50.
  • the client computing devices 140 may communicate requests to and/or receive responses from the server computing device 130.
  • the server computing device 130 may receive and/or respond to requests from the client computing devices 140.
  • Client computing devices 140 may be any type of computing device providing a user interface through which a user may interact with a software application.
  • client computing devices 140 may include a laptop computing device, a desktop computing device, an all-in-one computing device, a thin client, a workstation, a tablet computing device, a mobile phone, an electronic book reader, a network-enabled appliance such as a "Smart" television, and/or other electronic device suitable for displaying a user interface and processing user interactions with the displayed interface.
  • server computing device 130 may be a single computing device, the server computing device 130 may include any number of integrated or distributed computing devices.
  • Network 50 may comprise any infrastructure or combination of infrastructures that enable electronic communication between the components.
  • network 50 may include at least one of the Internet, an intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a SAN (Storage Area Network), a MAN (Metropolitan Area Network), a wireless network, a cellular communications network, a Public Switched Telephone Network, and/or other network.
  • biographical badge system 1 10 and the various components described herein may be implemented in hardware and/or a combination of hardware and programming that configures hardware. Furthermore, in Figure 1 and other figures described herein, different numbers of components or entities than depicted may be used.
  • Biographical badge system 1 10 may comprise a receive engine 121 , an associate engine 122, a display engine 123, and/or other engines.
  • engine refers to a combination of hardware and programming that performs a designated function.
  • the hardware of each engine for example, may include one or both of a processor and a machine-readable storage medium, while the programming is instructions or code stored on the machine- readable storage medium and executable by the processor to perform the designated function.
  • Receive engine 121 may receive, at a security information sharing platform, security information from a source entity.
  • a source entity may generate security information, and may then add the security information to the security information sharing platform.
  • the security information sharing platform may enable sharing of the security information among users of the security information sharing platform. Sharing may refer to distribution of security information, thus allowing a buyer to purchase the security information, and/or allowing a buyer to obtain the security information for free.
  • Associate engine 122 may associate a set of biographical badges with the source entity based on a set of characteristics of the source entity.
  • a set of biographical badges may be associated with the source entity based on characteristics of the source entity, including an industry of the source entity, a size of the source entity, a geographic location of the source entity, and/or a type of system technology of the source entity, among other characteristics.
  • Different industries may include different types of security threats.
  • the banking industry may face threats associated with the theft of personal and/or monetary information.
  • the defense industry may face threats associated with breach of national security by disclosure of confidential and/or classified information. Therefore, it may be important to buyers of security information from the security information sharing platform to know that security information is relevant to the industry of the buyer of the security information.
  • Characteristics of the source entity may include an industry of the source entity.
  • a source entity may be a business, partnership, or other organization that operates in a financial industry. That is, a source entity may be a bank.
  • a source entity may be an organization in an energy industry. That is, a source entity may be a power company. Accordingly, a biographical badge corresponding to the industry of the source entity may be associated with the source entity.
  • the industry of a source entity is described as including the financial and/or energy industry, examples of the disclosure are not so limited.
  • the source entity may be an organization in an economic, monetary, health, and/or defense industry, among other types of industries.
  • Characteristics of the source entity may include a size of the source entity.
  • the source entity may be an organization with less than 50 employees.
  • the source entity may be an organization with more than 500 employees.
  • a biographical badge may be associated with the size of the source entity by associate engine 122.
  • Characteristics of the source entity may include a geographic location of the source entity.
  • a source entity may be a business located in China.
  • a buyer of source information located in the United States may not want to buy information from a source entity located in China as, for example, the buyer may not want to risk alerting a Chinese source entity, or a third party, of a vulnerability in a computing system of the buyer in the United States. That is, purchasing the security information from the Chinese source entity may alert the Chinese source entity or a third party that the buyer in the United States has a potentially exploitable security vulnerability.
  • an organization located in the United States may want to purchase security information from other organizations located in the United States.
  • a biographical badge may be associated with the source entity based on the geographical location of the source entity, to allow buyers of security information to determine the geographical location of the source entity of the security information by associate engine 122.
  • Characteristics of the source entity may include a type of system technology of the source entity.
  • a buyer organization utilizing an operating system that is different from the operating system utilized by the source entity may not want to purchase that security information, as the security information may not apply to the buyer's operating system and therefore may be irrelevant to the buyer. That is, an organization may want to purchase security information from a source entity utilizing the same or similar type of system technology (e.g., operating system) as the buyer.
  • a biographical badge may be associated with the source entity based on the type of system technology of the source entity by associate engine 122.
  • the type of system technology is described as an operating system of the source entity, examples of the disclosure are not so limited.
  • the type of system technology may include technology brands, system architecture (e.g., server layout), and/or other types of system technology.
  • the associate engine 122 may associate a biographical badge with the source entity based on the type of security information received from the source entity. That is, the type of security information received by receive engine 121 from the source entity may be determined, and a biographical badge may be associated with the corresponding type of security information by associate engine 122.
  • the type of security information may include a type of malware description, a security attack, and/or a potential security
  • a biographical badge may be associated by associate engine 122 with the type of security information received from the source entity.
  • the associate engine 122 may determine the set of characteristics of the source entity by clustering techniques or by frequent pattern mining. Patterns of characteristics may occur when a source entity and/or a buyer are frequently selling and/or buying security information on the security information sharing platform. The set of characteristics of a source entity or a buyer may become unique as a result of selling and/or buying patterns of the source entity and/or the buyer, respectively, such that another user (e.g., another seller and/or buyer) of the security information sharing platform may identify the source entity and/or the buyer.
  • Another user e.g., another seller and/or buyer
  • determining patterns of characteristics may alert the biographical badge system 1 10, a source entity, and/or a buyer that information from the biographical badges about the source entity and/or buyer associated with the respective characteristics of the source entity and/or buyer may need to be changed to maintain the anonymity of the source entity and/or buyer.
  • the associate engine 122 may determine the set of characteristics of the source entity by cluster analysis of characteristics of the source entity to determine the set of characteristics of the source entity to ensure the set of characteristics is not unique enough to identify the source entity. For example, single value decomposition may be used on characteristics of the source entity to determine the set of characteristics of the source entity. [0028] In some examples, the associate engine 122 may determine the set of characteristics of the source entity by pattern mining characteristics of the source entity to determine the set of characteristics of the source entity to ensure the set of characteristics is not unique enough to identify the source entity. Pattern mining may be a process of discovering patterns in large data sets (e.g., characteristics). Pattern mining may be used to identify and avoid patterns of characteristics that may identify a source entity.
  • biographical badge system 1 10 may alert the source entity and/or buyer of a potential disclosure of identity. For example, biographical badge system 1 10 may alert a source entity and/or buyer to limit display of the set of biographical badges to a subset of biographical badges.
  • biographical badge system 1 10 may receive a policy from a source entity and/or a buyer to limit display of biographical badges, where the policy choice may allow biographical badge system 1 10 to automatically limit display of the set of biographical badges to display of a subset of biographical badges in response to associate engine 122 determining that information from the biographical badges about the source entity and/or buyer may disclose the identity of the source entity and/or buyer.
  • a source entity and/or a buyer may indicate a policy to automatically limit display of a set of biographical badges to a subset of biographical badges in response to biographical badge system 1 10 determining the set of biographical badges may disclose the identity of the source entity and/or buyer.
  • biographical badge system 1 10 may alert an employee (e.g., an analyst) of the security information sharing platform. The analyst may then alert the source entity and/or the buyer of this determination.
  • employee e.g., an analyst
  • Biographical badge system 1 10 may verify the set of biographical badges of the source entity. For example, responsive to a source entity or a buyer joining (e.g., subscribing to) the security information sharing platform, the source entity and/or the buyer may provide characteristics to the security information sharing platform.
  • Biographical badge system 1 10 may verify the characteristics provided to the security information sharing platform (e.g., industry of the source entity, size of the source entity, geographic location of the source entity, and/or type of system technology of the source entity, etc.) As a further example, biographical badge system 1 10 may verify biographical badges associated with behavior of a source entity and/or buyer (e.g., number of contributions of security information the security information sharing platform, identities of buyers giving peer ratings to avoid false peer ratings, etc.)
  • Verification of the biographical badges of a source entity may ensure the reliability and accuracy of the security information shared in the security information sharing platform, as well as the veracity of the source entities and/or buyers. For example, verification may ensure there are no fraudulent and/or counterfeit biographical badges. In this way, verification may help to avoid fraud and/or deceit in the security information sharing platform, allowing for buyers to confidently purchase security information from source entities.
  • biographical badge system 1 10 may verify other types of biographical badges, including badges associated with the geographical location of the source entity and/or the type of system technology of the source entity.
  • Display engine 123 may cause display of information from the set of biographical badges and at least part of the security information from the source entity. For example, security information listed for sale in the security information sharing platform may be accompanied by the set of biographical badges of the source entity of the security information. Display engine 123 may cause display of a title, abstract, and/or short description of the security information to allow a buyer to determine the type of the security information for sale.
  • the set of biographical badges accompanying the security information may include information indicating an industry of the source entity, a size of the source entity, a geographic location of the source entity, a type of system technology of the source entity and/or a peer rating of the source entity (e.g., as will be further described herein), among other types of biographical badges.
  • the display of biographical badges with the security information from the source entity may allow a buyer of the security information to determine if the security information is relevant and/or trustworthy without disclosing the identity of the source entity.
  • the source entity may indicate to biographical badge system 1 10 to cause to display, via display engine 123, the set of biographical badges with the security information. For example, all of the biographical badges associated with the source entity may be displayed with the security information.
  • the source entity may indicate to
  • biographical badge system 1 10 to cause to display, via display engine 123, a subset of the set of biographical badges with the security information.
  • the source entity may choose a subset of the set of biographical badges to be displayed with the security information.
  • the biographical badge system 1 10 may determine, by associate engine 122, a subset of the set of biographical badges with the security information.
  • biographical badge system 1 10 may determine the set of biographical badges that may disclose the identity of the source entity, and in response, may determine a subset of the set of biographical badges to be displayed with the security information to maintain anonymity of the identity of the source entity.
  • Biographical badge system 1 10 may indicate peer ratings of a source entity based on a subset of biographical badges.
  • a subset of biographical badges of the source entity may be related to a peer rating of the security information. That is, receive engine 121 may receive information related to peer rating of the security information from by buyers of the security information.
  • a source entity may include a subset of biographical badges indicating positive peer ratings from other buyers of the security information the receive engine 121 has received from the source entity.
  • peer ratings may include the rate of false positives.
  • security information from a source entity may be directed towards uncovering the presence of malicious code.
  • a buyer may have success using the security information to uncover the presence of malicious code, while confronting few instances of false positives (e.g., code that is indicated as malicious, but is not malicious).
  • the buyer may indicate that the security information has uncovered a high number of instances of malicious code with a low false positive rate relative to a number of instances of malicious code and false positive rate of prior security information that may not have been as useful.
  • peer ratings may indicate the uniqueness of the security information.
  • a buyer may indicate the security information is a unique approach to a security problem such as detecting malware. The buyer may indicate that the approach to detecting malware is more efficient than previous approaches, and is therefore unique and valuable.
  • peer ratings may indicate the originality of the security information. For example, a buyer may indicate the security information is an original approach to a security problem, and is not a solution the buyer may have previously tried which did not work.
  • the receive engine 121 may receive a request for a search query from a buyer at the security information sharing platform.
  • the request for the search query may include a type of security information sought by the buyer.
  • the request for the search query may include characteristics of a source entity.
  • Biographical badge system 1 10 may perform a search query of the security information sharing platform, where the search query includes a particular type of security information the buyer is looking to purchase. That is, receive engine 121 may receive a request for a search query from a buyer specifying a type of security vulnerability, and biographical badge system 1 10 may perform a search query of the information sharing platform for the type of security vulnerability.
  • receive engine 121 may receive a request for a search query from a buyer specifying characteristics of a particular source entity, and biographical badge system 1 10 may perform a search query of the security information sharing platform for the characteristics of the particular source entity. That is, biographical badge system 1 10 may perform a search query of the security information sharing platform that includes a minimum sized source entity (e.g., at least 100 employees), or a particular industry of the source entity (e.g., a source entity in the defense industry).
  • a minimum sized source entity e.g., at least 100 employees
  • a particular industry of the source entity e.g., a source entity in the defense industry
  • the biographical badge system 1 10 may determine, for a listing available via the security information sharing platform, a corresponding set of biographical badges and cause display of information related to the determined corresponding set of biographical badges. That is, the biographical badge system 1 10 may determine and cause to display security information from the security information sharing platform, as well as a set of corresponding biographical badges of the source entity of the security information, to the buyer in response to receiving the buyer's request for the search query.
  • biographical badge system 1 10 may perform a search query of the security information sharing platform in response to a request for a search query where the request for the search query includes a particular type of security information sought by the buyer and characteristics of a particular source entity. Based on the request for the search query received at receive engine 121 from the buyer, the biographical badge system 1 10 may determine a corresponding set of biographical badges and cause display of information related to the
  • the biographical badge system 1 10 may cause to display security information from the security information sharing platform, as well as a set of corresponding biographical badges of the source entity of the security information, to the buyer in response to receiving the buyer's request for the search query at receive engine 121 .
  • biographical badge system 1 10 may determine a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer. That is, biographical badge system 1 10 may determine a subset of the set of biographical badges based on characteristics of the buyer. For example, similar to a source entity, characteristics may also be associated with a buyer. Characteristics associated with a buyer may be similar to characteristics associated with a source entity. For example, characteristics of a buyer may include an industry of the buyer, a size of the buyer, a geographic location of the buyer, and/or a type of system technology of the buyer, although examples of the disclosure are not so limited.
  • Biographical badge system 1 10 may cause display of information from the set of biographical badges associated with the source entity based on the set of characteristics of the buyer being similar to the characteristics associated with the set of biographical badges of the source entity. For example, if the buyer includes characteristics such as an organization with less than 100 employees, located in the United States, and is an organization in an energy industry, the biographical badge system 1 10 may cause display of information from a set of biographical badges associated with a source entity based on the buyer's characteristics (e.g., buyer is an organization with less than 100 employees, located in the United States, and is an organization in an energy industry) being similar to the source entity's
  • Biographical badge system 1 10 may determine relevance of the set of biographical badges to the buyer based on the set of characteristics of the source entity. For example, biographical badge system 1 10 may determine characteristics of the buyer and may compare the characteristics of the buyer with characteristics associated with the set of biographical badges of the source entity. In some examples, the biographical badge system 1 10 may determine relevance by determining a relevancy score based on the comparison of the characteristics of the buyer and the characteristics associated with the set of biographical badges.
  • the source entity may be a health organization located in the United States. Biographical badge system 1 10 may determine that the source entity health organization is relevant to a buyer who is also a health organization looking to purchase security information from the security information sharing platform.
  • Figure 2 is a block diagram depicting an example machine-readable storage medium 210, comprising instructions executable by a processor for biographical badges in a security information sharing platform.
  • the programming may be processor executable instructions 221 , 222, 223 stored on a machine-readable storage medium 210 and the hardware may include a processor 21 1 for executing those instructions.
  • machine-readable storage medium 210 may be said to store program instructions or code that when executed by processor 21 1 implements a biographical badge system (e.g., biographical badge system 1 10, previously described in connection with Figure 1 )-
  • a biographical badge system e.g., biographical badge system 1 10, previously described in connection with Figure 1
  • the executable program instructions in machine-readable storage medium 210 are depicted as receive instructions 221 , associate instructions 222, and display instructions 223. Instructions 221 , 222, and 223 represent program instructions that, when executed, cause processor 21 1 to implement engines 121 , 122, and 123, respectively.
  • Machine-readable storage medium 210 may be any electronic, magnetic, optical, or other physical storage device that includes or stores executable instructions.
  • machine-readable storage medium 210 may be a non- transitory storage medium, where the term "non-transitory" does not encompass transitory propagating signals.
  • Machine-readable storage medium 210 may be implemented in a single device or distributed across devices.
  • processor 21 1 may represent any number of processors capable of executing instructions stored by machine-readable storage medium 210.
  • Processor 21 1 may be integrated in a single device or distributed across devices.
  • machine-readable storage medium 210 may be fully or partially integrated in the same device as processor 21 1 , or it may be separate but accessible to that device and processor 21 1 .
  • the program instructions may be part of an installation package that when installed may be executed by processor 21 1 to implement biographical badge system 1 10.
  • machine-readable storage medium 210 may be a portable medium such as a floppy disk, CD, DVD, or flash drive or a memory maintained by a server from which the installation package may be downloaded and installed.
  • the program instructions may be part of an application or applications already installed.
  • machine-readable storage medium 210 may include a hard disk, optical disk, tapes, solid state drives, RAM, ROM, EEPROM, or the like.
  • Processor 21 1 may be at least one central processing unit (CPU), microprocessor, and/or other hardware device suitable for retrieval and execution of instructions stored in machine-readable storage medium 210.
  • Processor 21 1 may fetch, decode, and execute program instructions 221 , 222, and 223, and/or other instructions.
  • processor 21 1 may include at least one electronic circuit comprising a number of electronic components for performing the functionality of at least one of instructions 221 , 222, and 223, and/or other instructions.
  • instructions may be executable to receive, from a plurality of source entities, security information at a security information sharing platform, determine, for a source entity of the plurality of source entities, a set of biographical badges based on a set of characteristics of the source entity, and associate, in the security information sharing platform, a corresponding set of biographical badges for the source entity based on the determined set of biographical badges for the source entity.
  • instructions may be executable to, responsive to determining that a buyer accesses information about a listing associated with a source entity, determine a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer, and cause display of information related to the subset of the set of biographical badges.
  • the instructions may be further executable to determine relevance of the set of biographical badges to the buyer based on the set of characteristics of the source entity.
  • the instructions may be executable to indicate peer ratings of the source entity based on a subset of biographical badges.
  • Figure 3 is a flow diagram depicting an example method 330 for biographical badges in a security information sharing platform.
  • the various processing blocks and/or data flows depicted in Figure 3 are described in greater detail herein.
  • the described processing blocks may be accomplished using some or all of the system components described in detail above and, in some implementations, various processing blocks may be performed in different sequences and various processing blocks may be omitted. Additional processing blocks may be performed along with some or all of the processing blocks shown in the depicted flow diagrams. Some processing blocks may be performed simultaneously.
  • method 330 as illustrated is meant be an example and, as such, should not be viewed as limiting.
  • Method 330 may be implemented in the form of executable instructions stored on a machine-readable storage medium (e.g., machine- readable storage medium 210, previously described in connection with Figure 2), and/or in the form of electronic circuitry.
  • a machine-readable storage medium e.g., machine- readable storage medium 210, previously described in connection with Figure 2
  • the method 330 may include a receive engine (e.g., receive engine 121 , previously described in connection with Figure 1 ) to receive, at a security information sharing platform, security information from a plurality of source entities.
  • a receive engine e.g., receive engine 121 , previously described in connection with Figure 1
  • receive engine 121 to receive, at a security information sharing platform, security information from a plurality of source entities.
  • a source entity may generate security information.
  • the generated security information may be valuable to an organization similar to the source entity.
  • a receiving engine may receive the security information from the source entity to provide the security information to the security information sharing platform to be offered for sale to prospective buyers.
  • the method 330 may include an associate engine (e.g., associate engine 122, previously described in connection with Figure 1 ) to associate, with a source entity of the plurality of source entities, a set of biographical badges based on a set of characteristics of the source entity and the security information from the source entity.
  • the set of biographical badges may represent the source entity in abstract terms.
  • the set of biographical badges may give an indication to a buyer the industry of the source entity, a size of the source entity, a geographic location of the source entity, and/or a type of system technology of the source entity, among other characteristics associated with the set of biographical badges.
  • the set of biographical badges may indicate to the buyer whether the security information is relevant to the buyer and whether the source entity is a trustworthy source for the security information, while maintaining the anonymity of the source entity. That is, the set of biographical badges indicate relevance to the buyer while maintaining privacy of the source entity.
  • the method 330 may include in response to determining that a buyer accesses information about a listing associated with a source entity, an associate engine to determine a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer. For example, a buyer may have characteristics similar to a source entity (e.g., both source entity and buyer are located in the United States).
  • the set (or a subset) of biographical badges may be displayed if characteristics of the buyer correspond to characteristics of the source entity. For example, a buyer technology company may not care about biographical badges corresponding to a source entity in a finance industry; badges, and security information from the finance source entity, may not be displayed for the buyer technology company.
  • the method 330 may include a display engine (e.g., display engine 123, previously described in connection with Figure 1 ) to cause to display information related to the subset of the biographical badges.
  • a display engine e.g., display engine 123, previously described in connection with Figure 1
  • security information may be caused to be displayed by the display engine along with a set of biographical badges of a source entity of the security information.
  • the method may include receiving, at the receive engine from a source entity, a selection of a subset of biographical badges among the set of biographical badges to be shown at the security information sharing platform.
  • a source entity may not want to show the whole set of biographical badges pertaining to the source entity, as the whole set of biographical badges may disclose the identity of the source entity.
  • the set of biographical badges associated with a source entity that is located in the United States is a top 10 financial institution, includes over 500 employees, and uses a particular type of system technology may disclose the identity of the source entity.
  • the source entity may be offering security information relating to a type of system vulnerability of the source entity, and the combination of the set of biographical badges may disclose the identity of the source entity, allowing malicious actors to determine the system vulnerability and gain unauthorized access to the source entities' systems. Therefore, the receive engine may receive, from the source entity, a selection of a subset of biographical badges among the set of biographical badges to be shown in order to maintain privacy, and information related to the subset of biographical badges and at least part of the security information may be caused to be displayed. That is, the security information for sale may be shown with the selected subset of biographical badges.
  • the method may include receiving, at the receive engine, a peer rating from a buyer about the source entity that comprises information indicating a value of the security information from the source entity. For example, a buyer may purchase security information from the security information sharing platform, and may indicate a value of the security information for other buyers in the future by the peer rating of the source entity.
  • the method may include revising, by a biographical badge system (e.g., biographical badge system 1 10, previously described in connection with Figure 1 ) a set or subset of biographical badges associated with a peer rating of the source entity in response to receiving the peer rating.
  • a biographical badge system e.g., biographical badge system 1 10, previously described in connection with Figure 1
  • a set or subset of biographical badges of a source entity may be revised to indicate positive peer ratings from buyers of the source entity's security information.
  • a set or subset of biographical badges of a source entity may be revised by the biographical badge system to indicate negative peer ratings from buyers of the source entity's security information.
  • Peer ratings of the source entity may improve the quality of the security information sharing platform by allowing buyers to avoid security information from source entities that are simply reselling publicly known information. Further, valuable security information may be more lucrative to a source entities, encouraging source entities to provide innovative security information to buyers.
  • biographical badges in a security information sharing platform may include systems, devices, computer-readable storage media, and methods for biographical badges in a security information sharing platform.
  • certain examples are described with reference to the components illustrated in Figures 1 -3.
  • the functionality of the illustrated components may overlap, however, and may be present in a fewer or greater number of elements and components.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Example implementations relate to biographical badges in a security information sharing platform. For example, a system for biographical comprises a physical processor that executes machine-readable instructions that cause the system to receive, at a security information sharing platform, security information from a source entity, associate a set of biographical badges with the source entity based on a set of characteristics of the source entity, and cause display of information from the set of biographical badges and at least part of the security information from the source entity.

Description

BIOGRAPHICAL BADGES
Background
[0001] Users of a security information sharing platform share security information (e.g., security indicators, observables, threat actors, malware samples, chains of attack, attack campaigns, etc.) with other users in an effort to advise the other users of any security threats, or to gain information related to security threats from other users.
Brief Description of the Drawings
[0002] Figure 1 is a block diagram depicting an example environment in which various examples may be implemented as a biographical badges system.
[0003] Figure 2 is a block diagram depicting an example machine-readable storage medium comprising instructions executable by a processor for biographical badges in a security information sharing platform.
[0004] Figure 3 is a flow diagram depicting an example method for biographical badges in a security information sharing platform.
Detailed Description
[0005] The following detailed description refers to the accompanying drawings. Wherever possible, the same reference numbers are used in the drawings and the following description to refer to the same or similar parts. It is to be expressly understood, however, that the drawings are for the purpose of illustration and description only. While several examples are described in this document,
modifications, adaptations, and other implementations are possible. Accordingly, the following detailed description does not limit the disclosed examples. Instead, the proper scope of the disclosed examples may be defined by the appended claims.
[0006] Source entities of a security information sharing platform share security information (e.g., security indicators, observables, threat actors, malware samples, chains of attack, attack campaigns, etc.) with other users (e.g., buyers) of the security information sharing platform in an effort to advise the other users of any security threats and/or to gain information related to security threats from other users. The other users with whom the security information is shared typically belong to a community that is selected by the source entity for sharing, or to the same community as the source entity. The other users of such communities may further share the security information with further users and/or communities. A "source entity", as used herein, may include an individual, organization, or any entity that may send, receive, and/or share security information. A community may include a plurality of source entities and/or other users. For example, a community may include a plurality of individuals in a particular area of interest. A community may include a global community where any user may join, for example, via subscription. A community may also be a vertical-based community. For example, a vertical- based community may be a healthcare or a financial community. A community may also be a private community with a limited number of selected users.
[0007] Security information may be created by and/or originated from at least one of a plurality of source entities. For example, the plurality of source entities may include a user (e.g., analysts and/or community members of the security information sharing platform). Security information may be manually created and/or added to the security information sharing platform by the source entity.
[0008] As more security information is gathered from various source entities and added to the security information sharing platform, the security information sharing platform may become a rich source of threat intelligence information itself. To maximize the richness of threat intelligence information gathered by the platform, it may be important to define appropriate associations and/or relationships of the security information to the source entity to ensure the source entity does not reveal their identities, and/or to allow a buyer of the security information to determine whether the security information is trustworthy and/or relevant. As used herein, a buyer may refer to an individual, organization, or any entity that may receive (e.g., purchase) security information from the security information sharing platform.
[0009] Maintaining the identity of the source entity may be important in maintaining security of the source entity organization. A compromise of privacy of the source entity may lead to the source entity being identified, opening the source entity to vulnerabilities. Biographical badges, in accordance with the present disclosure, may describe the source entity in abstract terms, allowing buyers of security information to determine relevance of the security information while ensuring the anonymity of the source entity.
[0010] Biographical badges, in accordance with the present disclosure, may allow for sharing of security information across a security information sharing platform, while maintaining the confidentiality of the source entity of the security information, as well as the confidentiality of the buyer of the source information by associating biographical badges to the listing of security information. Biographical badges may describe the source entity in abstract terms without disclosing the identity of the source entity. Maintaining privacy of the source entities may incentivize source entities to share higher quality security information across the security information sharing platform, as they may receive monetary gain from such sharing. Additionally, specialized source entities may be formed with a business model aimed at selling information on the security information sharing platform, promoting business growth.
[0011] Examples disclosed herein provide a technique to associate biographical badges with a source entity in the security information sharing platform. This may allow, for example, a buyer to intelligently determine whether security information that is available in the security information sharing platform is relevant to the buyer's organization, as well as whether the security information and/or the source entity is trustworthy. As a result, the security information sharing platform may provide a way of sharing security information while maintaining privacy and obfuscation for the source entity as well as for the buyer.
[0012] The terminology used herein is for the purpose of describing particular examples only and is not intended to be limiting. As used herein, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The term "plurality," as used herein, is defined as two or more than two. The term "another," as used herein, is defined as at least a second or more. The term "coupled," as used herein, is defined as connected, whether directly without any intervening elements or indirectly with at least one intervening elements, unless otherwise indicated. Two elements may be coupled mechanically, electrically, or communicatively linked through a communication channel, pathway, network, or system. The term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. As used herein, the term "includes" means includes but not limited to, and the term "including" means including but not limited to. The term "based on" means based at least in part on.
[0013] Figure 1 is an example environment 100 in which various examples may be implemented as a biographical badge system 1 10. Biographical badge system 1 10 may include a server computing device 130 in communication with client computing devices 140A, 140B...140N (collectively referred to herein as client computing devices 140) via a network 50. The client computing devices 140 may communicate requests to and/or receive responses from the server computing device 130. The server computing device 130 may receive and/or respond to requests from the client computing devices 140. Client computing devices 140 may be any type of computing device providing a user interface through which a user may interact with a software application. For example, client computing devices 140 may include a laptop computing device, a desktop computing device, an all-in-one computing device, a thin client, a workstation, a tablet computing device, a mobile phone, an electronic book reader, a network-enabled appliance such as a "Smart" television, and/or other electronic device suitable for displaying a user interface and processing user interactions with the displayed interface. While the server computing device 130 may be a single computing device, the server computing device 130 may include any number of integrated or distributed computing devices.
[0014] The various components (e.g., data storage 129, server computing device 130, and/or client computing devices 140) depicted in Figure 1 may be coupled to at least one other component via a network 50. Network 50 may comprise any infrastructure or combination of infrastructures that enable electronic communication between the components. For example, network 50 may include at least one of the Internet, an intranet, a PAN (Personal Area Network), a LAN (Local Area Network), a WAN (Wide Area Network), a SAN (Storage Area Network), a MAN (Metropolitan Area Network), a wireless network, a cellular communications network, a Public Switched Telephone Network, and/or other network. According to various implementations, biographical badge system 1 10 and the various components described herein may be implemented in hardware and/or a combination of hardware and programming that configures hardware. Furthermore, in Figure 1 and other figures described herein, different numbers of components or entities than depicted may be used.
[0015] Biographical badge system 1 10 may comprise a receive engine 121 , an associate engine 122, a display engine 123, and/or other engines. The term "engine", as used herein, refers to a combination of hardware and programming that performs a designated function. As is illustrated with respect to Figure 2, the hardware of each engine, for example, may include one or both of a processor and a machine-readable storage medium, while the programming is instructions or code stored on the machine- readable storage medium and executable by the processor to perform the designated function.
[0016] Receive engine 121 may receive, at a security information sharing platform, security information from a source entity. For example, a source entity may generate security information, and may then add the security information to the security information sharing platform. Once security information is received, the security information sharing platform may enable sharing of the security information among users of the security information sharing platform. Sharing may refer to distribution of security information, thus allowing a buyer to purchase the security information, and/or allowing a buyer to obtain the security information for free.
[0017] Associate engine 122 may associate a set of biographical badges with the source entity based on a set of characteristics of the source entity. For example, a set of biographical badges may be associated with the source entity based on characteristics of the source entity, including an industry of the source entity, a size of the source entity, a geographic location of the source entity, and/or a type of system technology of the source entity, among other characteristics.
[0018] Different industries may include different types of security threats. For example, the banking industry may face threats associated with the theft of personal and/or monetary information. As another example, the defense industry may face threats associated with breach of national security by disclosure of confidential and/or classified information. Therefore, it may be important to buyers of security information from the security information sharing platform to know that security information is relevant to the industry of the buyer of the security information.
[0019] Characteristics of the source entity may include an industry of the source entity. For example, a source entity may be a business, partnership, or other organization that operates in a financial industry. That is, a source entity may be a bank. As another example, a source entity may be an organization in an energy industry. That is, a source entity may be a power company. Accordingly, a biographical badge corresponding to the industry of the source entity may be associated with the source entity. [0020] Although the industry of a source entity is described as including the financial and/or energy industry, examples of the disclosure are not so limited. For example, the source entity may be an organization in an economic, monetary, health, and/or defense industry, among other types of industries.
[0021] Characteristics of the source entity may include a size of the source entity. For example, the source entity may be an organization with less than 50 employees. As another example, the source entity may be an organization with more than 500 employees. Accordingly, a biographical badge may be associated with the size of the source entity by associate engine 122.
[0022] Characteristics of the source entity may include a geographic location of the source entity. For example, a source entity may be a business located in China. A buyer of source information located in the United States may not want to buy information from a source entity located in China as, for example, the buyer may not want to risk alerting a Chinese source entity, or a third party, of a vulnerability in a computing system of the buyer in the United States. That is, purchasing the security information from the Chinese source entity may alert the Chinese source entity or a third party that the buyer in the United States has a potentially exploitable security vulnerability. To avoid this situation, an organization located in the United States may want to purchase security information from other organizations located in the United States. A biographical badge may be associated with the source entity based on the geographical location of the source entity, to allow buyers of security information to determine the geographical location of the source entity of the security information by associate engine 122.
[0023] Characteristics of the source entity may include a type of system technology of the source entity. For example, a buyer organization utilizing an operating system that is different from the operating system utilized by the source entity may not want to purchase that security information, as the security information may not apply to the buyer's operating system and therefore may be irrelevant to the buyer. That is, an organization may want to purchase security information from a source entity utilizing the same or similar type of system technology (e.g., operating system) as the buyer. A biographical badge may be associated with the source entity based on the type of system technology of the source entity by associate engine 122. [0024] Although the type of system technology is described as an operating system of the source entity, examples of the disclosure are not so limited. For example, the type of system technology may include technology brands, system architecture (e.g., server layout), and/or other types of system technology.
[0025] In some examples, the associate engine 122 may associate a biographical badge with the source entity based on the type of security information received from the source entity. That is, the type of security information received by receive engine 121 from the source entity may be determined, and a biographical badge may be associated with the corresponding type of security information by associate engine 122. For example, the type of security information may include a type of malware description, a security attack, and/or a potential security
vulnerability, among other types of security information. Accordingly, a biographical badge may be associated by associate engine 122 with the type of security information received from the source entity.
[0026] The associate engine 122 may determine the set of characteristics of the source entity by clustering techniques or by frequent pattern mining. Patterns of characteristics may occur when a source entity and/or a buyer are frequently selling and/or buying security information on the security information sharing platform. The set of characteristics of a source entity or a buyer may become unique as a result of selling and/or buying patterns of the source entity and/or the buyer, respectively, such that another user (e.g., another seller and/or buyer) of the security information sharing platform may identify the source entity and/or the buyer. Therefore, determining patterns of characteristics may alert the biographical badge system 1 10, a source entity, and/or a buyer that information from the biographical badges about the source entity and/or buyer associated with the respective characteristics of the source entity and/or buyer may need to be changed to maintain the anonymity of the source entity and/or buyer.
[0027] In some examples, the associate engine 122 may determine the set of characteristics of the source entity by cluster analysis of characteristics of the source entity to determine the set of characteristics of the source entity to ensure the set of characteristics is not unique enough to identify the source entity. For example, single value decomposition may be used on characteristics of the source entity to determine the set of characteristics of the source entity. [0028] In some examples, the associate engine 122 may determine the set of characteristics of the source entity by pattern mining characteristics of the source entity to determine the set of characteristics of the source entity to ensure the set of characteristics is not unique enough to identify the source entity. Pattern mining may be a process of discovering patterns in large data sets (e.g., characteristics). Pattern mining may be used to identify and avoid patterns of characteristics that may identify a source entity.
[0029] In response to associate engine 122 determining information from the biographical badges about the source entity and/or buyer may disclose the identity of the source entity and/or buyer, biographical badge system 1 10 may alert the source entity and/or buyer of a potential disclosure of identity. For example, biographical badge system 1 10 may alert a source entity and/or buyer to limit display of the set of biographical badges to a subset of biographical badges.
[0030] In some examples, biographical badge system 1 10 may receive a policy from a source entity and/or a buyer to limit display of biographical badges, where the policy choice may allow biographical badge system 1 10 to automatically limit display of the set of biographical badges to display of a subset of biographical badges in response to associate engine 122 determining that information from the biographical badges about the source entity and/or buyer may disclose the identity of the source entity and/or buyer. For example, a source entity and/or a buyer may indicate a policy to automatically limit display of a set of biographical badges to a subset of biographical badges in response to biographical badge system 1 10 determining the set of biographical badges may disclose the identity of the source entity and/or buyer.
[0031] In some examples, in response to associate engine 122 determining that information from the biographical badges about the source entity and/or buyer may disclose the identity of the source entity and/or the buyer, biographical badge system 1 10 may alert an employee (e.g., an analyst) of the security information sharing platform. The analyst may then alert the source entity and/or the buyer of this determination.
[0032] Biographical badge system 1 10 may verify the set of biographical badges of the source entity. For example, responsive to a source entity or a buyer joining (e.g., subscribing to) the security information sharing platform, the source entity and/or the buyer may provide characteristics to the security information sharing platform. Biographical badge system 1 10 may verify the characteristics provided to the security information sharing platform (e.g., industry of the source entity, size of the source entity, geographic location of the source entity, and/or type of system technology of the source entity, etc.) As a further example, biographical badge system 1 10 may verify biographical badges associated with behavior of a source entity and/or buyer (e.g., number of contributions of security information the security information sharing platform, identities of buyers giving peer ratings to avoid false peer ratings, etc.)
[0033] Verification of the biographical badges of a source entity may ensure the reliability and accuracy of the security information shared in the security information sharing platform, as well as the veracity of the source entities and/or buyers. For example, verification may ensure there are no fraudulent and/or counterfeit biographical badges. In this way, verification may help to avoid fraud and/or deceit in the security information sharing platform, allowing for buyers to confidently purchase security information from source entities.
[0034] Although described as verifying the industry of the source entity or the size of the source entity, examples of the disclosure are not so limited. For example, biographical badge system 1 10 may verify other types of biographical badges, including badges associated with the geographical location of the source entity and/or the type of system technology of the source entity.
[0035] Display engine 123 may cause display of information from the set of biographical badges and at least part of the security information from the source entity. For example, security information listed for sale in the security information sharing platform may be accompanied by the set of biographical badges of the source entity of the security information. Display engine 123 may cause display of a title, abstract, and/or short description of the security information to allow a buyer to determine the type of the security information for sale.
[0036] The set of biographical badges accompanying the security information may include information indicating an industry of the source entity, a size of the source entity, a geographic location of the source entity, a type of system technology of the source entity and/or a peer rating of the source entity (e.g., as will be further described herein), among other types of biographical badges. The display of biographical badges with the security information from the source entity may allow a buyer of the security information to determine if the security information is relevant and/or trustworthy without disclosing the identity of the source entity. The source entity may indicate to biographical badge system 1 10 to cause to display, via display engine 123, the set of biographical badges with the security information. For example, all of the biographical badges associated with the source entity may be displayed with the security information. The source entity may indicate to
biographical badge system 1 10 to cause to display, via display engine 123, a subset of the set of biographical badges with the security information. For example, the source entity may choose a subset of the set of biographical badges to be displayed with the security information. The biographical badge system 1 10 may determine, by associate engine 122, a subset of the set of biographical badges with the security information. For example, biographical badge system 1 10 may determine the set of biographical badges that may disclose the identity of the source entity, and in response, may determine a subset of the set of biographical badges to be displayed with the security information to maintain anonymity of the identity of the source entity.
[0037] Biographical badge system 1 10 may indicate peer ratings of a source entity based on a subset of biographical badges. A subset of biographical badges of the source entity may be related to a peer rating of the security information. That is, receive engine 121 may receive information related to peer rating of the security information from by buyers of the security information. For example, a source entity may include a subset of biographical badges indicating positive peer ratings from other buyers of the security information the receive engine 121 has received from the source entity.
[0038] In some examples, peer ratings may include the rate of false positives. For example, security information from a source entity may be directed towards uncovering the presence of malicious code. A buyer may have success using the security information to uncover the presence of malicious code, while confronting few instances of false positives (e.g., code that is indicated as malicious, but is not malicious). The buyer may indicate that the security information has uncovered a high number of instances of malicious code with a low false positive rate relative to a number of instances of malicious code and false positive rate of prior security information that may not have been as useful.
[0039] In some examples, peer ratings may indicate the uniqueness of the security information. For example, a buyer may indicate the security information is a unique approach to a security problem such as detecting malware. The buyer may indicate that the approach to detecting malware is more efficient than previous approaches, and is therefore unique and valuable.
[0040] In some examples, peer ratings may indicate the originality of the security information. For example, a buyer may indicate the security information is an original approach to a security problem, and is not a solution the buyer may have previously tried which did not work.
[0041] The receive engine 121 may receive a request for a search query from a buyer at the security information sharing platform. The request for the search query may include a type of security information sought by the buyer. In some examples, the request for the search query may include characteristics of a source entity. For example, a request for a search query received from a buyer may be received by receive engine 121 . Biographical badge system 1 10 may perform a search query of the security information sharing platform, where the search query includes a particular type of security information the buyer is looking to purchase. That is, receive engine 121 may receive a request for a search query from a buyer specifying a type of security vulnerability, and biographical badge system 1 10 may perform a search query of the information sharing platform for the type of security vulnerability. As another example, receive engine 121 may receive a request for a search query from a buyer specifying characteristics of a particular source entity, and biographical badge system 1 10 may perform a search query of the security information sharing platform for the characteristics of the particular source entity. That is, biographical badge system 1 10 may perform a search query of the security information sharing platform that includes a minimum sized source entity (e.g., at least 100 employees), or a particular industry of the source entity (e.g., a source entity in the defense industry). Based on the request for the search query received at receive engine 121 from the buyer, the biographical badge system 1 10 may determine, for a listing available via the security information sharing platform, a corresponding set of biographical badges and cause display of information related to the determined corresponding set of biographical badges. That is, the biographical badge system 1 10 may determine and cause to display security information from the security information sharing platform, as well as a set of corresponding biographical badges of the source entity of the security information, to the buyer in response to receiving the buyer's request for the search query. [0042] As a further example, biographical badge system 1 10 may perform a search query of the security information sharing platform in response to a request for a search query where the request for the search query includes a particular type of security information sought by the buyer and characteristics of a particular source entity. Based on the request for the search query received at receive engine 121 from the buyer, the biographical badge system 1 10 may determine a corresponding set of biographical badges and cause display of information related to the
corresponding set of biographical badges. That is, the biographical badge system 1 10 may cause to display security information from the security information sharing platform, as well as a set of corresponding biographical badges of the source entity of the security information, to the buyer in response to receiving the buyer's request for the search query at receive engine 121 .
[0043] Responsive to determining that a buyer accesses information about a listing associated with a source entity, biographical badge system 1 10 may determine a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer. That is, biographical badge system 1 10 may determine a subset of the set of biographical badges based on characteristics of the buyer. For example, similar to a source entity, characteristics may also be associated with a buyer. Characteristics associated with a buyer may be similar to characteristics associated with a source entity. For example, characteristics of a buyer may include an industry of the buyer, a size of the buyer, a geographic location of the buyer, and/or a type of system technology of the buyer, although examples of the disclosure are not so limited.
[0044] Biographical badge system 1 10 may cause display of information from the set of biographical badges associated with the source entity based on the set of characteristics of the buyer being similar to the characteristics associated with the set of biographical badges of the source entity. For example, if the buyer includes characteristics such as an organization with less than 100 employees, located in the United States, and is an organization in an energy industry, the biographical badge system 1 10 may cause display of information from a set of biographical badges associated with a source entity based on the buyer's characteristics (e.g., buyer is an organization with less than 100 employees, located in the United States, and is an organization in an energy industry) being similar to the source entity's
characteristics. [0045] Biographical badge system 1 10 may determine relevance of the set of biographical badges to the buyer based on the set of characteristics of the source entity. For example, biographical badge system 1 10 may determine characteristics of the buyer and may compare the characteristics of the buyer with characteristics associated with the set of biographical badges of the source entity. In some examples, the biographical badge system 1 10 may determine relevance by determining a relevancy score based on the comparison of the characteristics of the buyer and the characteristics associated with the set of biographical badges. For example, the source entity may be a health organization located in the United States. Biographical badge system 1 10 may determine that the source entity health organization is relevant to a buyer who is also a health organization looking to purchase security information from the security information sharing platform.
[0046] Figure 2 is a block diagram depicting an example machine-readable storage medium 210, comprising instructions executable by a processor for biographical badges in a security information sharing platform.
[0047] Referring to Figure 2, the programming may be processor executable instructions 221 , 222, 223 stored on a machine-readable storage medium 210 and the hardware may include a processor 21 1 for executing those instructions. Thus, machine-readable storage medium 210 may be said to store program instructions or code that when executed by processor 21 1 implements a biographical badge system (e.g., biographical badge system 1 10, previously described in connection with Figure 1 )-
[0048] The executable program instructions in machine-readable storage medium 210 are depicted as receive instructions 221 , associate instructions 222, and display instructions 223. Instructions 221 , 222, and 223 represent program instructions that, when executed, cause processor 21 1 to implement engines 121 , 122, and 123, respectively.
[0049] Machine-readable storage medium 210 may be any electronic, magnetic, optical, or other physical storage device that includes or stores executable instructions. In some implementations, machine-readable storage medium 210 may be a non- transitory storage medium, where the term "non-transitory" does not encompass transitory propagating signals. Machine-readable storage medium 210 may be implemented in a single device or distributed across devices. Likewise, processor 21 1 may represent any number of processors capable of executing instructions stored by machine-readable storage medium 210. Processor 21 1 may be integrated in a single device or distributed across devices. Further, machine-readable storage medium 210 may be fully or partially integrated in the same device as processor 21 1 , or it may be separate but accessible to that device and processor 21 1 .
[0050] In one example, the program instructions may be part of an installation package that when installed may be executed by processor 21 1 to implement biographical badge system 1 10. In this case, machine-readable storage medium 210 may be a portable medium such as a floppy disk, CD, DVD, or flash drive or a memory maintained by a server from which the installation package may be downloaded and installed. In another example, the program instructions may be part of an application or applications already installed. Here, machine-readable storage medium 210 may include a hard disk, optical disk, tapes, solid state drives, RAM, ROM, EEPROM, or the like.
[0051] Processor 21 1 may be at least one central processing unit (CPU), microprocessor, and/or other hardware device suitable for retrieval and execution of instructions stored in machine-readable storage medium 210. Processor 21 1 may fetch, decode, and execute program instructions 221 , 222, and 223, and/or other instructions. As an alternative or in addition to retrieving and executing instructions, processor 21 1 may include at least one electronic circuit comprising a number of electronic components for performing the functionality of at least one of instructions 221 , 222, and 223, and/or other instructions.
[0052] In one example, instructions may be executable to receive, from a plurality of source entities, security information at a security information sharing platform, determine, for a source entity of the plurality of source entities, a set of biographical badges based on a set of characteristics of the source entity, and associate, in the security information sharing platform, a corresponding set of biographical badges for the source entity based on the determined set of biographical badges for the source entity.
[0053] In one example, instructions may be executable to, responsive to determining that a buyer accesses information about a listing associated with a source entity, determine a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer, and cause display of information related to the subset of the set of biographical badges. The instructions may be further executable to determine relevance of the set of biographical badges to the buyer based on the set of characteristics of the source entity. The instructions may be executable to indicate peer ratings of the source entity based on a subset of biographical badges.
[0054] Figure 3 is a flow diagram depicting an example method 330 for biographical badges in a security information sharing platform. The various processing blocks and/or data flows depicted in Figure 3 are described in greater detail herein. The described processing blocks may be accomplished using some or all of the system components described in detail above and, in some implementations, various processing blocks may be performed in different sequences and various processing blocks may be omitted. Additional processing blocks may be performed along with some or all of the processing blocks shown in the depicted flow diagrams. Some processing blocks may be performed simultaneously. Accordingly, method 330 as illustrated (and described in greater detail below) is meant be an example and, as such, should not be viewed as limiting. Method 330 may be implemented in the form of executable instructions stored on a machine-readable storage medium (e.g., machine- readable storage medium 210, previously described in connection with Figure 2), and/or in the form of electronic circuitry.
[0055] As illustrated at 332, the method 330 may include a receive engine (e.g., receive engine 121 , previously described in connection with Figure 1 ) to receive, at a security information sharing platform, security information from a plurality of source entities. For example, a source entity may generate security information. The generated security information may be valuable to an organization similar to the source entity. A receiving engine may receive the security information from the source entity to provide the security information to the security information sharing platform to be offered for sale to prospective buyers.
[0056] As illustrated at 334, the method 330 may include an associate engine (e.g., associate engine 122, previously described in connection with Figure 1 ) to associate, with a source entity of the plurality of source entities, a set of biographical badges based on a set of characteristics of the source entity and the security information from the source entity. The set of biographical badges may represent the source entity in abstract terms. For example, the set of biographical badges may give an indication to a buyer the industry of the source entity, a size of the source entity, a geographic location of the source entity, and/or a type of system technology of the source entity, among other characteristics associated with the set of biographical badges. The set of biographical badges may indicate to the buyer whether the security information is relevant to the buyer and whether the source entity is a trustworthy source for the security information, while maintaining the anonymity of the source entity. That is, the set of biographical badges indicate relevance to the buyer while maintaining privacy of the source entity.
[0057] As illustrated at 336, the method 330 may include in response to determining that a buyer accesses information about a listing associated with a source entity, an associate engine to determine a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer. For example, a buyer may have characteristics similar to a source entity (e.g., both source entity and buyer are located in the United States). The set (or a subset) of biographical badges may be displayed if characteristics of the buyer correspond to characteristics of the source entity. For example, a buyer technology company may not care about biographical badges corresponding to a source entity in a finance industry; badges, and security information from the finance source entity, may not be displayed for the buyer technology company.
[0058] As illustrated at 338, the method 330 may include a display engine (e.g., display engine 123, previously described in connection with Figure 1 ) to cause to display information related to the subset of the biographical badges. For example, security information may be caused to be displayed by the display engine along with a set of biographical badges of a source entity of the security information.
[0059] The method may include receiving, at the receive engine from a source entity, a selection of a subset of biographical badges among the set of biographical badges to be shown at the security information sharing platform. A source entity may not want to show the whole set of biographical badges pertaining to the source entity, as the whole set of biographical badges may disclose the identity of the source entity. For example, the set of biographical badges associated with a source entity that is located in the United States, is a top 10 financial institution, includes over 500 employees, and uses a particular type of system technology may disclose the identity of the source entity. That is, the source entity may be offering security information relating to a type of system vulnerability of the source entity, and the combination of the set of biographical badges may disclose the identity of the source entity, allowing malicious actors to determine the system vulnerability and gain unauthorized access to the source entities' systems. Therefore, the receive engine may receive, from the source entity, a selection of a subset of biographical badges among the set of biographical badges to be shown in order to maintain privacy, and information related to the subset of biographical badges and at least part of the security information may be caused to be displayed. That is, the security information for sale may be shown with the selected subset of biographical badges.
[0060] The method may include receiving, at the receive engine, a peer rating from a buyer about the source entity that comprises information indicating a value of the security information from the source entity. For example, a buyer may purchase security information from the security information sharing platform, and may indicate a value of the security information for other buyers in the future by the peer rating of the source entity.
[0061] The method may include revising, by a biographical badge system (e.g., biographical badge system 1 10, previously described in connection with Figure 1 ) a set or subset of biographical badges associated with a peer rating of the source entity in response to receiving the peer rating. For example, a set or subset of biographical badges of a source entity may be revised to indicate positive peer ratings from buyers of the source entity's security information. As another example, a set or subset of biographical badges of a source entity may be revised by the biographical badge system to indicate negative peer ratings from buyers of the source entity's security information.
[0062] Peer ratings of the source entity may improve the quality of the security information sharing platform by allowing buyers to avoid security information from source entities that are simply reselling publicly known information. Further, valuable security information may be more lucrative to a source entities, encouraging source entities to provide innovative security information to buyers.
[0063] The foregoing disclosure describes a number of example
implementations for biographical badges in a security information sharing platform. The disclosed examples may include systems, devices, computer-readable storage media, and methods for biographical badges in a security information sharing platform. For purposes of explanation, certain examples are described with reference to the components illustrated in Figures 1 -3. The functionality of the illustrated components may overlap, however, and may be present in a fewer or greater number of elements and components.
[0064] Further, all or part of the functionality of illustrated elements may co-exist or be distributed among several geographically dispersed locations. Moreover, the disclosed examples may be implemented in various environments and are not limited to the illustrated examples. Further, the sequence of operations described in connection with Figure 3 are examples and are not intended to be limiting. Additional or fewer operations or combinations of operations may be used or may vary without departing from the scope of the disclosed examples. Furthermore, implementations consistent with the disclosed examples need not perform the sequence of operations in any particular order. Thus, the present disclosure merely sets forth possible examples of implementations, and many variations and modifications may be made to the described examples. All such modifications and variations are intended to be included within the scope of this disclosure and protected by the following claims.

Claims

What is claimed is:
1 . A system for biographical badges, comprising:
a physical processor that executes machine-readable instructions that cause the system to:
receive, at a security information sharing platform, security information from a source entity;
associate a set of biographical badges with the source entity based on a set of characteristics of the source entity; and
cause display of information from the set of biographical badges and at least part of the security information from the source entity.
2. The system of claim 1 , wherein the processor executes machine-readable instructions that cause the system to cause display of information from the set of biographical badges by:
causing display of information from the set of biographical badges associated with the source entity based on a set of characteristics of a buyer.
3. The system of claim 1 , wherein the processor executes machine-readable instructions that cause the system to verify the set of biographical badges of the source entity.
4. The system of claim 1 , wherein the processor executes machine-readable instructions that cause the system to associate the set of biographical badges by: determining a type of the security information from the source entity; and associate the set of biographical badges with the source entity based on the type of the security information from the source entity.
5. The system of claim 1 , wherein the processor executes machine-readable instructions that cause the system to:
receive a search query from a buyer at the security information sharing platform, wherein the search query comprises:
a type of security information sought by the buyer; or
the characteristics of a source entity; determine, for a listing available via the security information sharing platform, a corresponding set of biographical badges; and
cause display of information related to the determined corresponding set of biographical badges.
6. The system of claim 1 , wherein the set of characteristics of the source entity include:
an industry of the source entity;
a size of the source entity;
a geographic location of the source entity; or
a type of system technology of the source entity.
7. The system of claim 1 , wherein the set of characteristics of the source entity are determined by:
clustering techniques; or
frequent pattern mining.
8. A method, comprising:
receiving, at a security information sharing platform, security information from a plurality of source entities;
associating, with a source entity of the plurality of source entities, a set of biographical badges based on a set of characteristics of the source entity and the security information from the source entity;
responsive to determining that a buyer accesses information about a listing associated with a source entity, determining a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer; and
causing display of information related to the subset of the set of biographical badges.
9. The method of claim 8, further comprising receiving, at the security information sharing platform, a selection of a subset of biographical badges among the set of biographical badges from the source entity; and causing display of information related to the selected subset of biographical badges and at least part of the security information.
10. The method of claim 8, further comprising receiving, at the security information sharing platform, a peer rating about the source entity from a buyer, wherein the peer rating comprises information indicating a value of security information from the source entity.
1 1 . The method of claim 10, further comprising revising a subset of biographical badges associated with a peer rating of the source entity in response to receiving the peer rating.
12. A non-transitory machine-readable storage medium comprising instructions executable by a processor of a computing device, the machine-readable storage medium comprising:
instructions to receive, from a plurality of source entities, security information at a security information sharing platform;
instructions to determine, for a source entity of the plurality of source entities, a set of biographical badges based on a set of characteristics of the source entity; and
instructions to associate, in the security information sharing platform, a corresponding set of biographical badges for the source entity based on the determined set of biographical badges for the source entity.
13. The medium of claim 12, further comprising instructions to:
responsive to determining that a buyer accesses information about a listing associated with a source entity, determine a subset of the set of biographical badges associated with the source entity that correspond to characteristics of the buyer; and cause display of information related to the subset of the set of biographical badges.
14. The medium of claim 13, further comprising instructions to:
determine relevance of the set of biographical badges to the buyer based on the set of characteristics of the source entity.
15. The medium of claim 12, further comprising instructions to: indicate peer ratings of the source entity based on a subset of biographical badges.
PCT/US2015/055003 2015-10-09 2015-10-09 Biographical badges WO2017062039A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2015/055003 WO2017062039A1 (en) 2015-10-09 2015-10-09 Biographical badges

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2015/055003 WO2017062039A1 (en) 2015-10-09 2015-10-09 Biographical badges

Publications (1)

Publication Number Publication Date
WO2017062039A1 true WO2017062039A1 (en) 2017-04-13

Family

ID=58488228

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/055003 WO2017062039A1 (en) 2015-10-09 2015-10-09 Biographical badges

Country Status (1)

Country Link
WO (1) WO2017062039A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050223413A1 (en) * 2004-03-31 2005-10-06 International Business Machines Corporation Cross domain security information conversion
US20070226805A1 (en) * 2002-10-17 2007-09-27 David Jeal Facilitating And Authenticating Transactions
KR20090005971A (en) * 2007-07-10 2009-01-14 엘지전자 주식회사 A method of establishing fast security association for handover between heterogeneous radio access networks
US20140007190A1 (en) * 2012-06-29 2014-01-02 Crowdstrike, Inc. Social Sharing of Security Information in a Group
US20140215607A1 (en) * 2013-01-31 2014-07-31 Hewlett-Packard Development Company, L.P. Threat exchange information protection

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070226805A1 (en) * 2002-10-17 2007-09-27 David Jeal Facilitating And Authenticating Transactions
US20050223413A1 (en) * 2004-03-31 2005-10-06 International Business Machines Corporation Cross domain security information conversion
KR20090005971A (en) * 2007-07-10 2009-01-14 엘지전자 주식회사 A method of establishing fast security association for handover between heterogeneous radio access networks
US20140007190A1 (en) * 2012-06-29 2014-01-02 Crowdstrike, Inc. Social Sharing of Security Information in a Group
US20140215607A1 (en) * 2013-01-31 2014-07-31 Hewlett-Packard Development Company, L.P. Threat exchange information protection

Similar Documents

Publication Publication Date Title
Himeur et al. Latest trends of security and privacy in recommender systems: a comprehensive review and future perspectives
Ghosh et al. Digital deceit: the technologies behind precision propaganda on the internet
Boritz et al. E-commerce and privacy: Exploring what we know and opportunities for future discovery
Pelteret et al. A review of information privacy and its importance to consumers and organizations
US10715534B2 (en) Collaborative security lists
Gehem et al. Assessing cyber security: A meta analysis of threats, trends, and responses to cyber attacks
JP2021504861A (en) Protected e-commerce and e-financial trading systems, devices, and methods
WO2017131788A1 (en) Encryption of community-based security information based on time-bound cryptographic keys
US10754984B2 (en) Privacy preservation while sharing security information
US11303662B2 (en) Security indicator scores
Taleby Ahvanooey et al. Do dark web and cryptocurrencies empower cybercriminals?
CN113609493A (en) Phishing website identification method, device, equipment and medium
Lykousas et al. The cynicism of modern cybercrime: Automating the analysis of surface web marketplaces
US10693914B2 (en) Alerts for communities of a security information sharing platform
US10868816B2 (en) Communities on a security information sharing platform
US20170353487A1 (en) Controlling data access in a security information sharing platform
WO2017062039A1 (en) Biographical badges
Grigorescu et al. Cyberspace–A Challenge
US10951405B2 (en) Encryption of community-based security information
EP3314805A1 (en) Sharing of community-based security information
LAWAL UNIVERSITY OF PORT HARCOURT, NIGERIA
Palmer et al. Ethics in e-business: Emerging issues and enduring themes
Elovici et al. Introduction to security and privacy in social networks
Human A Systematic Review of Cryptocurrencies Use in Cybercrimes
Howser Known Personally Identifiable Information to Cloud Users

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15905973

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15905973

Country of ref document: EP

Kind code of ref document: A1